sf-b2b-apex
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious instructions, obfuscation, or unauthorized access patterns were detected within the skill's instructions or code examples. The content adheres to standard Salesforce development practices.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill promotes secure coding by explicitly instructing users to utilize Salesforce Named Credentials for external callouts, which prevents the hardcoding of authentication headers or secrets.
- [EXTERNAL_DOWNLOADS]: The skill uses WebFetch to retrieve technical documentation from developer.salesforce.com. This is a well-known service, and the activity is directly related to the skill's legitimate primary purpose of providing up-to-date Apex development guidance.
- [INDIRECT_PROMPT_INJECTION]: The skill identifies an ingestion surface by fetching external documentation from Salesforce at runtime. This surface is considered low risk as it targets trusted official domains for technical reference.
Audit Metadata